author | Florian Dold <florian@dold.me> | 2023-10-10 00:36:05 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2023-10-10 00:36:05 +0200 |
commit | 46f4f401a271ac4f2036dfb7a1b648a64018143b (patch) | |
tree | 21d2d295f81658e140e03900bb380406da7238c6 | |
parent | d4034fc7f9dd9e293583fbf0c0a145814c3f214d (diff) | |
WIP
38 files changed, 264 insertions, 1483 deletions
diff --git a/sandcastle/images/base/Dockerfile b/sandcastle/Dockerfile
index 31a22c1..c865f72 100644
--- a/sandcastle/images/base/Dockerfile
+++ b/sandcastle/Dockerfile
@@ -199,14 +199,23 @@ WORKDIR /
 # Final image
 FROM base-system as taler-final
+RUN apt-get update && apt-get -y upgrade && apt-get --no-install-recommends install -y \
+ gpg
 COPY utils/fund-rewards.sh /
+COPY apt/caddy-stable.list /etc/apt/sources.list.d/caddy-stable.list
+COPY apt/caddy-stable-archive-keyring.gpg /tmp/caddy-stable-archive-keyring.gpg
+RUN gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg /tmp/caddy-stable-archive-keyring.gpg
 RUN apt-get update && apt-get -y upgrade && apt-get --no-install-recommends install -y \
 emacs \
 vim \
+ curl \
 postgresql \
 bash-completion \
 sudo \
- less
+ less \
+ caddy \
+ systemd-coredump \
+ libnss3-tools
 RUN mkdir -p /packages
 COPY --from=gnunet /packages/gnunet/* /packages/
 COPY --from=exchange /packages/exchange/* /packages/
diff --git a/sandcastle/apt/caddy-stable-archive-keyring.gpg b/sandcastle/apt/caddy-stable-archive-keyring.gpg
new file mode 100644
index 0000000..444c642
--- /dev/null
+++ b/sandcastle/apt/caddy-stable-archive-keyring.gpg
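Review bot: The added `RUN gpg --dearmor …` step installs whatever key is in `apt/caddy-stable-archive-keyring.gpg` as the trust anchor for the `caddy` package without checking it against a known fingerprint, so a later edit to that file changes what apt trusts with nothing in the build to flag it. I would record the expected fingerprint in a comment beside the COPY and fail the build on mismatch, for example `RUN gpg --show-keys --with-colons /tmp/caddy-stable-archive-keyring.gpg | grep -q '<EXPECTED_FINGERPRINT>'`, and delete the `/tmp` copy in the same layer. The commit also adds a binary `apt/caddy-stable-archive-keyring.gpg.gpg` that these lines never reference; if nothing outside the hunk uses it, it is better dropped than kept as a key file nobody can review. The taler-final stage continues past the end of the hunk.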
@@ -0,0 +1,64 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBFb+quEBEACl3/YkFekflvauEASL+neZjCctYWyt57Dv5AdRmUPO4zkxylLG +d/9JawlUfHuYYU4emz7940S2wR8kbBimiLgxMqyGP5+RQnggNZhjYIXoqkkh0G8v +purq+58d+VNYf0LWnWlwuJC0dtpi4bPqZTc5ST4QOItFK0s7F2xZJyOkuAPDI782 +pGMR8UzpburHt9JwIUv1oOHFfFA/4HFQ++A6RF9bjYQFNMreaXsvMKIA5VQKcnDd +SbKEfKnr0bwGr59MsnsQBgr1Ats2W722jIs89YevBanS6n0FWeiSxUqUrNypTLkL +QHVPlK7Agq1XGWUhu55clFC6loQXboph9BhnSxSn9Kou4toXDQj6AMDuLGcV+VQ+ +fVfSZFXsp/evzqkjbc0jsUTVOZgZhhRP8DD+vjkzJFfCq/tAWu4qgqnOwE9kEEQL +MXsnsZNSYS3MvWnQFPBmg0B483iKxaA/Oe89WckTnjt+jlpAKhOoS5ZURdOtwv1i +yrKlYiXYMQCMhOd3BCw5RELb7Qtpz+gBaOoxQMMyRRYwKiturpQdV53FVvu/re/x +xXVuxRyRI2Yo94ba3a5bEGjR3CNjvx7LuGuWplYyzDWn+OXa/HiTqWM153ho+oUl +s3ntiHQ16jtgyhcNSuMffCcMLYanfmB+2m4HZmkl97vs7XvclClEXNV6VwARAQAB +tCpDYWRkeSBXZWIgU2VydmVyIDxjb250YWN0QGNhZGR5c2VydmVyLmNvbT6JAjQE +EwEKAB4FAlb+quECGwMDCwkHAxUKCAIeAQIXgAMWAgECGQEACgkQFVttecpW6jRx +cQ/9GHdVoYf15rcU0ip3Vw1MF06ndRxLmilgBvdweZ5NcRttbu8ESh+MP59Z0gOp +0uX/CqBnqZb9E2vbYyly1plq5GwP4tcCHwwkyOT1doGcyP1XylPkJkieP9YUWsIA +3oG/wCsqxxwVYzwvm0opBdrNf6pAYg2tGNCqxh8bmYPDaReu3t2LZ6qeJ4obhYTx +IwAh36oF5dVG5OW2dnMNFVpjoEgCavvTNTcJCgonLct6Zl+Q7xptJyBv3LS8L674 +V2nxcoLvtTjXG86D3yPJvD1I5WYPEZMpHznj1PEztgOrvLo+Fyu+T5vCHqfTY6mG +89BXz8L4o5aBr2uY+ZV5oQa6GuV8GIiiWIZNyDwXTnUiW/GsUFNwg0AP05rva8fF +2a3ybwsq/Sv2nraKQMpYRltBQZkg+l5nZD7znHpYBfJiH6eW3/7ft3w8OptiIcu6 +87UzhI28yoFSNE+85V3sz7JphZ/XFaU2ApESO1ahjDzP96w4u0HeSds6tbkR3OlC +ECcFOmX79MhWfjDaVNnknBqGzjy1JdQ0ZKNWMZRVyxZ9fKiZxFw+q40Sta7ynxfH +p4v0bM8vDLM3cxxOj38U5jsP/ChctyZO3P0nCEzIAR9kvumc5PSqpjiqWlbaHsxa +fXohi3LAIi/clgIOV7bIVRmTz6b61Ngf+C8VYzlUph0ygS25Ag0EX+uckAEQAKyq +E0nbZa8/6Js5TGvlRGi/pb59c6cC+yqB3d7qzOuIJ/61W9yCXliQRZSB32dGXsqD +a375PtGlE5p7id4PNwegx2C4fFN6PWdxO1bwhOnrcUov6YHggkcjaFJqaWoa/EvF +DUgEKd0d1WGzNHlmkM0P6puJ8lbPW3SeWtv+V83BvS9Hkb//43HKNk2J3cV/+RNb +MsfER5CRAFYYHs/lyT2mpYU5dislzk4VDZbR7iyzXIrUEAQdpXe8itFYjFf8xzAe +qDsUefarr485USnTTxQtcBKX06ruHiQUSCOs7HR6cDJi332cTXT7kSbq3ouq9nB8 
+oaxhl2I20kVBWqdRyzVAwtGvjkWIYuUteIpguzAqpfsBv6IJ/W5G5jw+HEUJSCRr +6rlC1z9agGCKl53NTV4gHqRY2GpYPr2KNN3uTVojignCC9BEP0eRqj876X90Y7id +QuDda/+QaHH6htUe/W51j5RLVWssCLTZwHPZmeHtxz6U6IOEtlSuso7IN4HQsdaj +lmOP+kfNy1gKVOW9fvF2HpUvY2cNwjSAO96C3K4w4z/ykHco/6HhZcAb/MydMKPy +cI8jUDKa++Dk88xvq/AsRH++ri5WIY3n/HIkDyxGX5KCyxAfU1xuGkosnu7iBxoz +2YVIV5GUwjf7ysOmgkb7FAcb73hUnCdGxcbWiQofABEBAAGJBHIEGAEKACYWIQRl +dgxR7eogF86iyhUVW215ylbqNAUCX+uckAIbAgUJCWYBgAJACRAVW215ylbqNMF0 +IAQZAQoAHRYhBC9cO+mIas0pEyme+6uh+biHWmZhBQJf65yQAAoJEKuh+biHWmZh +ZIIP/2FxCz40ev/sR60ozPRg/eMqAx8M8tmwACjPk84tCZryTRQ9dQ2nKzIWIQvt +rLljl0OU3CCLgHRHl5lEjTgeDSfvrCLgss48fKAenBlHLGTzaMqdI6bs1fg7Ieh5 +dZQd9Crf6xLC7tBSjEzaqaPseux9tEdLEbHn8oJlQAgymW4wBko+ymriZpjs43Hx +ir8iHn/H+oSJe4tOwaGmLzbMY5LMffvUWVKnoacjIx92XiVlUVypkh22iSa0upsz +vseu+hiytwBMyxU99dsRwOQy2BZd3P/tCwpnDI8hSZCzBTyuo6XNgwLHZzvUuNKc +qXZK4kxPRTVGyur9S1rYbZqnmPf4Wy7wFtwRUvbVve6BVdc7v9zWsTkEtTEJ4Buh +GHSwBTdGKy8CJJgRN8K2umGCPxnUNvoCOsqW6xIJTp2baM1nRWZf1UvNjgVhwyJt +AlrMk1xdmDDqVUO80Y5p7Jn2G1XPlQOVHcjyjFtM4sIWPqnrRzTzB4xTAZ1push3 +EOys2+4IGLgS7P6z0q+4Cxwtnm32ZueQDWyQA5gOOZAodb8HCku6sIIiF+zGtrNO +F45xsKAoJVPt5VvH4zOKK+TbYyHAN/Ujpf09zXrTtmrnHwjB8PD+Uq2Ober/Zf5Q +4MGnzQAy/Qkw8suciIxgLC9kCNwJIFRULHMTUsAFaAq+L9+IBmwP/R2Yt/Gop4Nl +IfJDSMIBXGVn/2I2rTW0NDU3UC1njVRSVwQ4fjyRcuxi7dM/f8YBPnNGXO2Ur709 +f7LF7GkY/VgjQ9RWaZ6CB3GPhUjj1Q5nmW+lQkyehPYgx1/MuD3wq3w/BfYyrYHb +xRn5r4N5QmUasFrPH8Ey/zI2cEFwckek0Z1G2SwnkEsY0e9vy12RvCGGicHJ+Xxs +7E/L6rEjRpcQg1xzzCh1Sdx4ZKIxss9N5vJ5xCTd9kFl68ZCQJEz9zJUztEiEYcG +l6WQ+BK3W4UepkbzgZ1HVB2LWf84cHC4a983k0avI1KtKSNd6Nn4qUJUa1Hj+mw7 +tlCwt97V+vbEnhFsoVjObJqsVXQOs9CdOiV2vsRqVD5tQPEq3AfowGHtNgxXbfO/ +wPiLmPSzZOaAlFaRXX6Off9B6RYuh5pVd/njewpsPAJfefiYeBOS0nThrQMbweyf +S7FG/ibAE8NspI2Dn3nT+D6cUeYzCVkhNKKgBzYotODMl0N3H6pfOQwWp0aO8teo +0v07lrePvMGNQcu2GuTM1v9YOt5kMrfbNgdAfrN8BLPUV/ZseCdKlfJLNlh6/pxr +STw95n1JvFHpSZCMR5NWbiEdtXZmlJTFlMNMww8vO3DwTkA9hdqnKl04yPHQQpMD +A5zVwuXbvH6GHaZJVHUrII6w8rjimo5r +=e4lF +-----END PGP PUBLIC KEY BLOCK----- 
diff --git a/sandcastle/apt/caddy-stable-archive-keyring.gpg.gpg b/sandcastle/apt/caddy-stable-archive-keyring.gpg.gpg
Binary files differnew file mode 100644
index 0000000..286fb00
--- /dev/null
+++ b/sandcastle/apt/caddy-stable-archive-keyring.gpg.gpg
diff --git a/sandcastle/apt/caddy-stable.list b/sandcastle/apt/caddy-stable.list
new file mode 100644
index 0000000..d9503cb
--- /dev/null
+++ b/sandcastle/apt/caddy-stable.list
@@ -0,0 +1,9 @@
+# Source: Caddy
+# Site: https://github.com/caddyserver/caddy
+# Repository: Caddy / stable
+# Description: Fast, multi-platform web server with automatic HTTPS
+
+
+deb [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
+
+deb-src [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
diff --git a/sandcastle/build-container b/sandcastle/build-container
index 0c8af41..7a655dd 100755
--- a/sandcastle/build-container
+++ b/sandcastle/build-container
@@ -6,4 +6,4 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 cd "$SCRIPT_DIR"
-exec podman build -f images/base/Dockerfile --target taler-final -t taler-base-all .
+exec podman build -f Dockerfile --target taler-final -t taler-base-all .
diff --git a/sandcastle/buildconfig/libeufin.tag b/sandcastle/buildconfig/libeufin.tag
index 47cd359..830fca1 100644
--- a/sandcastle/buildconfig/libeufin.tag
+++ b/sandcastle/buildconfig/libeufin.tag
@@ -1 +1 @@
-v0.9.3-dev.19
+v0.9.3-dev.23
diff --git a/sandcastle/buildconfig/wallet.tag b/sandcastle/buildconfig/wallet.tag
index 3a369ac..be571b2 100644
--- a/sandcastle/buildconfig/wallet.tag
+++ b/sandcastle/buildconfig/wallet.tag
@@ -1 +1 @@
-v0.9.3-dev.26
+v0.9.3-dev.33
diff --git a/sandcastle/config/deployment.conf b/sandcastle/config/deployment.conf
deleted file mode 100644
index ffa4562..0000000
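Review bot: Nothing in the new `caddy-stable.list` limits which packages the Cloudsmith repository may supply. `signed-by=` scopes the key to this source, but once the source is enabled the `apt-get -y upgrade` in the Dockerfile will accept a higher version of any package the repository offers, not only `caddy`. An apt preferences file that gives this origin a low priority and raises only `caddy` to the default priority would close that gap. The `deb-src` line is not needed to install the binary package and could be dropped, leaving just the `deb [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] …` entry.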
--- a/sandcastle/config/deployment.conf
+++ /dev/null
@@ -1,36 +0,0 @@
-[taler-deployment]
-currency = EUR
-merchant-apikey = secret-token:sandbox
-merchant-url = http://localhost:5556/
-
-bank-signup-bonus = yes
-bank-allow-registrations = yes
-
-# Frontends URLs
-landing-url = http://localhost:5562/
-blog-url = http://localhost:5559/
-donations-url = http://localhost:5560/
-survey-url = http://localhost:5561/
-sync-url = http://localhost:5563/
-# This URL is the demobank-ui's:
-bank-url = http://localhost:15002/
-
-# Pointed to by the bank UI
-bank-backend-url = http://localhost:15000/
-
-# Bank accounts
-
-exchange-bank-password = exchangebankpw
-blog-bank-password = secret-at-sandbox
-pos-bank-password = secret-at-sandbox
-gnunet-bank-password = secret-at-sandbox
-taler-bank-password = secret-at-sandbox
-tor-bank-password = secret-at-sandbox
-survey-bank-password = secret-at-sandbox
-# default merchant instance
-default-bank-password = secret-at-sandbox
-
-db-password = db-secret
-
-# exchange URL, as seen outside of the container
-default-exchange = http://localhost:5555/
diff --git a/sandcastle/config/exchange/taler.conf b/sandcastle/config/exchange/taler.conf
deleted file mode 100644
index a1fe788..0000000
--- a/sandcastle/config/exchange/taler.conf
+++ /dev/null
@@ -1,112 +0,0 @@ -# This file is a configuration template for the exchange. -# When the exchange container is started, values from deployment.conf -# are inserted into the __...__ placeholders here. - -[taler] -currency = __CURRENCY__ -currency_round_unit = __CURRENCY__:0.01 -# Needed by older exchanges -AML_THRESHOLD = __CURRENCY__:10000000 - -[paths] -taler_data_home = /data/exchange - -[taler-exchange-secmod-eddsa] -unixpath = /eddsa.http - -[taler-exchange-secmod-rsa] -sm_priv_key = /data/taler-exchange-secmod-rsa/secmod-private-key -unixpath = /sockets/exchange-secmod-rsa.sock - -[taler-exchange-secmod-cs] -sm_priv_key = /data/taler-exchange-secmod-cs/secmod-private-key -unixpath = /sockets/exchange-secmod-cs.sock - -[exchange-accountcredentials-1] -username = exchange -wire_gateway_auth_method = basic -wire_gateway_url = __BANK_URL__/accounts/exchange/taler-wire-gateway/ -password = __EXCHANGE_BANK_PASSWORD__ - -[exchange-account-1] -enable_credit = yes -enable_debit = yes -payto_uri = payto://iban/SANDBOXX/__EXCHANGE_IBAN__?receiver-name=Name+unknown - -[exchange] -master_public_key = __EXCHANGE_MASTER_PUB__ -AML_THRESHOLD = __CURRENCY__:10000000 - -privacy_etag = exchange-pp-v0 -privacy_dir = /usr/local/share/taler/terms - -terms_etag = exchange-tos-v0 -terms_dir = /usr/local/share/taler/terms - -base_url = __EXCHANGE_URL__ -unixpath = /sockets/exchange.sock -serve = tcp -port = 80 - -[exchangedb-postgres] -config = postgres://root:__DB_PASSWORD__@talerdb/taler - -[coin___CURRENCY___10] -rsa_keysize = 2048 -fee_deposit = __CURRENCY__:0.01 -fee_refund = __CURRENCY__:0.01 -fee_refresh = __CURRENCY__:0.01 -fee_withdraw = __CURRENCY__:0.01 -duration_legal = 10 years -duration_spend = 5 years -duration_withdraw = 3 years -value = __CURRENCY__:10 -cipher = RSA - -[coin___CURRENCY___5] -rsa_keysize = 2048 -fee_deposit = __CURRENCY__:0.01 -fee_refund = __CURRENCY__:0.01 -fee_refresh = __CURRENCY__:0.01 -fee_withdraw = __CURRENCY__:0.01 -duration_legal = 10 years 
-duration_spend = 5 years -duration_withdraw = 3 years -value = __CURRENCY__:5 -cipher = RSA - -[coin___CURRENCY___2] -rsa_keysize = 2048 -fee_deposit = __CURRENCY__:0.01 -fee_refund = __CURRENCY__:0.01 -fee_refresh = __CURRENCY__:0.01 -fee_withdraw = __CURRENCY__:0.01 -duration_legal = 10 years -duration_spend = 5 years -duration_withdraw = 3 years -value = __CURRENCY__:2 -cipher = RSA - -[coin___CURRENCY___1] -rsa_keysize = 2048 -fee_deposit = __CURRENCY__:0.01 -fee_refund = __CURRENCY__:0.01 -fee_refresh = __CURRENCY__:0.01 -fee_withdraw = __CURRENCY__:0.01 -duration_legal = 10 years -duration_spend = 5 years -duration_withdraw = 3 years -value = __CURRENCY__:1 -cipher = RSA - -[coin___CURRENCY___ct_10] -rsa_keysize = 2048 -fee_deposit = __CURRENCY__:0.01 -fee_refund = __CURRENCY__:0.01 -fee_refresh = __CURRENCY__:0.01 -fee_withdraw = __CURRENCY__:0.01 -duration_legal = 10 years -duration_spend = 5 years -duration_withdraw = 3 years -value = __CURRENCY__:0.10 -cipher = RSA diff --git a/sandcastle/config/libeufin-bank/taler.conf b/sandcastle/config/libeufin-bank/taler.conf deleted file mode 100644 index 55b65db..0000000 --- a/sandcastle/config/libeufin-bank/taler.conf +++ /dev/null @@ -1,16 +0,0 @@ -[libeufin-bank] -CURRENCY = __CURRENCY__ -DEFAULT_CUSTOMER_DEBT_LIMIT = __CURRENCY__:200 -DEFAULT_ADMIN_DEBT_LIMIT = __CURRENCY__:200000 -REGISTRATION_BONUS = __CURRENCY__:100 -REGISTRATION_BONUS_ENABLED = yes -MAX_AUTH_TOKEN_DURATION = 1d - -SERVE = tcp -PORT = 15000 - -[libeufin-bankdb-postgres] -CONFIG = postgresql://talerdb/taler?user=root&password=__DB_PASSWORD__ - -#CONFIG = postgresql://root:__DB_PASSWORD__@talerdb/taler -#CONFIG = postgresql:///talerdb diff --git a/sandcastle/config/merchant/taler.conf b/sandcastle/config/merchant/taler.conf deleted file mode 100644 index bf1eb0f..0000000 --- a/sandcastle/config/merchant/taler.conf +++ /dev/null 
@@ -1,24 +0,0 @@ -[taler] -currency = __CURRENCY__ - -[paths] -taler_data_home = /data - -[merchant-exchange-__CURRENCY__] -currency = __CURRENCY__ -exchange_base_url = __EXCHANGE_URL__ -master_key = __EXCHANGE_PUB__ - -[merchantdb-postgres] -config = postgres://root:__DB_PASSWORD__@talerdb/taler - -[merchant] -default_max_deposit_fee = __CURRENCY__:0.05 -default_max_wire_fee = __CURRENCY__:0.01 -wire_transfer_delay = 0 s -port = 80 -serve = tcp - -[frontends] -backend = __BACKEND_URL__ -backend_apikey = __BACKEND_APIKEY__ diff --git a/sandcastle/images/exchange/Dockerfile b/sandcastle/images/exchange/Dockerfile deleted file mode 100644 index 35979d0..0000000 --- a/sandcastle/images/exchange/Dockerfile +++ /dev/null @@ -1,6 +0,0 @@ -FROM taler_local/taler_base - -RUN mkdir -p /scripts -COPY scripts/* /scripts/ -RUN chmod +x /scripts/*.sh -ENTRYPOINT /scripts/startup.sh diff --git a/sandcastle/images/exchange/scripts/config.sh b/sandcastle/images/exchange/scripts/config.sh deleted file mode 100644 index e3e9a75..0000000 --- a/sandcastle/images/exchange/scripts/config.sh +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/bin/bash - -# This script takes the deployment configuration from /config, -# generates the taler exchange specific configuration in /etc -# and sets some environment variables needed to properly -# run the exchange. - -set -o pipefail -set -eu - -export LD_LIBRARY_PATH=/usr/local/lib -export GNUNET_FORCE_LOG=";;;;WARNING" - -mkdir -p /etc/taler -TALERCONF=/etc/taler/taler.conf -cp /config/exchange/taler.conf $TALERCONF - -# Values from config file mounted at run time: -CURRENCY=`taler-config -c /config/deployment.conf -s taler-deployment -o currency` -EXCHANGE_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o default-exchange` - -EXCHANGE_BANK_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o exchange-bank-password` -EXCHANGE_IBAN=DE159593 -DB_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o db-password` - -sed -i "s;__EXCHANGE_URL__;${EXCHANGE_URL};" $TALERCONF -sed -i "s;__DB_PASSWORD__;${DB_PASSWORD};" $TALERCONF -sed -i "s/__CURRENCY__/${CURRENCY}/" $TALERCONF -sed -i "s/__EXCHANGE_BANK_PASSWORD__/${EXCHANGE_BANK_PASSWORD}/" $TALERCONF -sed -i "s/__EXCHANGE_IBAN__/${EXCHANGE_IBAN}/" $TALERCONF -sed -i "s;__BANK_URL__;http://bank:15000;" $TALERCONF - -# This is executed last since taler-exchange-offline already needs the config! - -EXCHANGE_MASTER_PUB=$(taler-exchange-offline -c $TALERCONF setup) -sed -i "s/__EXCHANGE_MASTER_PUB__/$EXCHANGE_MASTER_PUB/" $TALERCONF diff --git a/sandcastle/images/exchange/scripts/startup.sh b/sandcastle/images/exchange/scripts/startup.sh deleted file mode 100644 index d570be8..0000000 --- a/sandcastle/images/exchange/scripts/startup.sh +++ /dev/null 
@@ -1,103 +0,0 @@ -#!/bin/bash - -# -# Generate Taler ToS (Terms of Service) -# - - -TOS_PATH=/usr/local/share/taler/terms -TOS_AUTHOR="Taler Systems SA" -TOS_COPYRIGHT="Taler Systems SA" -TOS_LANGUAGE=en -TOS_OUTPUT=/usr/local/share/taler/terms/ -TOS_PAPER=a4 -TOS_TITLE="GNU Taler terms of service" - -# ToS generator is picky about the path that it is being run from -cd $TOS_PATH -taler-terms-generator -i exchange-tos-v0 -a $TOS_AUTHOR -C $TOS_COPYRIGHT -p $TOS_PAPER -o $TOS_OUTPUT -taler-terms-generator -i exchange-pp-v0 -a $TOS_AUTHOR -C $TOS_COPYRIGHT -p $TOS_PAPER -o $TOS_OUTPUT - -cd / - -source /scripts/config.sh - -while ! pg_isready -h talerdb -d taler; do - echo DB not ready yet. - sleep 2 -done -echo Now DB is ready. - -socat TCP-LISTEN:5555,fork,reuseaddr TCP:localhost:80 & - -echo -n "Init database... " -taler-exchange-dbinit -L WARNING -c $TALERCONF -echo DONE - -echo -n "Starting EDDSA helper..." -taler-exchange-secmod-eddsa -L WARNING \ - -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-secmod-eddsa-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Starting RSA helper..." -taler-exchange-secmod-rsa -L WARNING \ - -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-secmod-rsa-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Starting CS helper..." -taler-exchange-secmod-cs -L WARNING \ - -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-secmod-cs-%Y-%m-%d.log 86400 & -echo DONE - -echo -n "Launching exchange HTTPD..." -taler-exchange-httpd -L WARNING -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-httpd-%Y-%m-%d.log 86400 & -for n in `seq 1 50` - do - echo "." - sleep 0.3 - OK=1 - wget $EXCHANGE_URL -t 1 -o /dev/null -O /dev/null >/dev/null && break - OK=0 - done - if [ 1 != $OK ] - then - echo "ERROR: failed to launch Exchange" - exit 1 - fi -echo DONE - -echo -n "Launching wirewatch..." 
-taler-exchange-wirewatch -L WARNING --longpoll-timeout=2s -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-wirewatch-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Launching transfer service..." -taler-exchange-transfer -L WARNING -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-transfer-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Launching aggregator service..." -taler-exchange-aggregator -L WARNING -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-aggregator-%Y-%m-%d.log 86400 & -echo DONE -echo -echo -n "Setup keys and fees with taler-exchange-offline..." -taler-exchange-offline -L WARNING -c $TALERCONF \ - download sign \ - enable-account "payto://iban/SANDBOXX/${EXCHANGE_IBAN}?receiver-name=Exchange+Company" \ - wire-fee now iban ${CURRENCY}:0.01 ${CURRENCY}:0.01 \ - global-fee now ${CURRENCY}:0 ${CURRENCY}:0 ${CURRENCY}:0 1h 1year 5 \ - upload 2>&1 -echo DONE - -echo -n "Requesting exchange's /keys..." -curl --max-time 4 -s "${EXCHANGE_URL}keys" -echo DONE - -# Spawn a process that will fail after an hour, -# to facilitate restarting every hour. -( sleep 3600 && exit 1) & - -# Exit once a single process fails. -# Then, docker-compose will restart the whole container. -wait -n diff --git a/sandcastle/images/libeufin/Dockerfile b/sandcastle/images/libeufin/Dockerfile deleted file mode 100644 index 99745aa..0000000 --- a/sandcastle/images/libeufin/Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -FROM taler_local/taler_base - -COPY startup.sh / -COPY demobank-ui-settings.js /usr/local/share/taler/demobank-ui/ -RUN chmod +x /startup.sh -COPY nginx.conf / - -ENTRYPOINT ["/startup.sh"] diff --git a/sandcastle/images/libeufin/demobank-ui-settings.js b/sandcastle/images/libeufin/demobank-ui-settings.js deleted file mode 100644 index 7f2745c..0000000 --- a/sandcastle/images/libeufin/demobank-ui-settings.js +++ /dev/null 
@@ -1,19 +0,0 @@ -globalThis.talerDemobankSettings = { - allowRegistrations: true, - bankName: "Taler Bank", - // Show explainer text and navbar to other demo sites - showDemoNav: true, - // Names and links for other demo sites to show in the navbar - demoSites: [ - ["Landing", "__LANDING_URL__"], - ["Bank", "__BANK_WEBUI_URL__"], - ["Essay Shop", "__BLOG_URL__"], - ["Donations", "__DONATIONS_URL__"], - ["Survey", "__SURVEY_URL__"], - ], - bankBaseUrl: "__BANK_BACKEND_URL__" -}; - -// Currently this is still required by demobank-ui, -// the above, nicer method doesn't work yet. -localStorage.setItem("bank-base-url", "__BANK_BACKEND_URL__") diff --git a/sandcastle/images/libeufin/nginx.conf b/sandcastle/images/libeufin/nginx.conf deleted file mode 100644 index d5436f5..0000000 --- a/sandcastle/images/libeufin/nginx.conf +++ /dev/null @@ -1,14 +0,0 @@ -error_log /dev/stdout; -daemon off; -events {} -http { - access_log /dev/stdout; - server { - include /etc/nginx/mime.types; - listen 80; - listen [::]:80; - location / { - root /usr/local/share/taler/demobank-ui; - } - } -} diff --git a/sandcastle/images/libeufin/startup.sh b/sandcastle/images/libeufin/startup.sh deleted file mode 100644 index 2238523..0000000 --- a/sandcastle/images/libeufin/startup.sh +++ /dev/null 
@@ -1,116 +0,0 @@ -#!/bin/bash - -set -o pipefail -set -eu - -export JAVA_OPTS="-Xss4m -XX:MaxJavaStackTraceDepth=1073741823" - -# helps taler-config -export LD_LIBRARY_PATH=/usr/local/lib - -mkdir -p /etc/taler/ -TALERCONF=/etc/taler/taler.conf -cp /config/libeufin-bank/taler.conf $TALERCONF - -CURRENCY=$(taler-config -c /config/deployment.conf -s taler-deployment -o currency) -EXCHANGE_IBAN=DE159593 -DB_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o db-password` - -sed -i "s;__DB_PASSWORD__;${DB_PASSWORD};" $TALERCONF -sed -i "s/__CURRENCY__/${CURRENCY}/" $TALERCONF - -# takes port and service name -is_serving() { - echo Is $1 serving? - for n in `seq 1 80` - do - echo "." - sleep 0.1 - OK=1 - wget $1 -o /dev/null -O /dev/null >/dev/null && break - OK=0 - done - if [ 1 != $OK ] - then - echo "$2 unreachable." - exit 1 - fi - echo $2 reachable. -} - -BANK_SIGNUP_BONUS=$(taler-config -c /config/deployment.conf -s taler-deployment -o bank-signup-bonus) -BANK_ALLOW_REGISTRATIONS=$(taler-config -c /config/deployment.conf -s taler-deployment -o bank-allow-registrations) - -case "${1:-}" in - shell) - echo "Starting interactive shell" - exec bash - ;; - *) - ;; -esac - -echo "running libeufin-bank dbinit" -libeufin-bank dbinit - -echo "running libeufin-bank serve in background" -libeufin-bank serve & - -is_serving http://localhost:15000/config libeufin-bank - -EXCHANGE_IBAN=DE159593 -BLOG_IBAN=DE940993 -GNUNET_IBAN=DE463312 -DEFAULT_IBAN=DE474361 -TOR_IBAN=DE358263 -TALER_IBAN=DE102893 -SURVEY_IBAN=DE731371 - -EXCHANGE_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o exchange-bank-password` -POS_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o pos-bank-password` -BLOG_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o blog-bank-password` -GNUNET_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o gnunet-bank-password` 
-DEFAULT_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o default-bank-password` -TOR_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o tor-bank-password` -TALER_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o taler-bank-password` -SURVEY_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o survey-bank-password` - -req=$(jq -n ' - { - username: "exchange", - password: $PW, - name: "exchange", - is_public: true, - is_taler_exchange: true, - internal_payto_uri: $PAYTO, - }' \ - --arg PW $EXCHANGE_SANDBOX_PASSWORD \ - --arg PAYTO "payto://iban/$EXCHANGE_IBAN" - ) -echo $req -curl -v -X POST -H "Content-Type: application/json" --data "$req" http://localhost:15000/accounts - - -# starting the SPA -BLOG_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o blog-url` -DONATIONS_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o donations-url` -SURVEY_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o survey-url` -LANDING_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o landing-url` -BANK_WEBUI_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o bank-url` -BANK_BACKEND_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o bank-backend-url` - -sed -i "s;__LANDING_URL__;${LANDING_URL};" /usr/local/share/taler/demobank-ui/demobank-ui-settings.js -sed -i "s;__BLOG_URL__;${BLOG_URL};" /usr/local/share/taler/demobank-ui/demobank-ui-settings.js -sed -i "s;__DONATIONS_URL__;${DONATIONS_URL};" /usr/local/share/taler/demobank-ui/demobank-ui-settings.js -sed -i "s;__SURVEY_URL__;${SURVEY_URL};" /usr/local/share/taler/demobank-ui/demobank-ui-settings.js -sed -i "s;__BANK_WEBUI_URL__;${BANK_WEBUI_URL};" /usr/local/share/taler/demobank-ui/demobank-ui-settings.js -sed -i "s;__BANK_BACKEND_URL__;${BANK_BACKEND_URL};" 
/usr/local/share/taler/demobank-ui/demobank-ui-settings.js -# Serves BANK_WEBUI_URL -nginx -c /nginx.conf 2>&1 | rotatelogs -e /logs/bank-ui-%Y-%m-%d.log 86400 & - -echo "Launched bank services" - -# -n makes 'wait' return as soon as one of the background -# processes exits. That triggers then the 'restart: always' -# policy set in the compose file. -wait -n diff --git a/sandcastle/images/merchant/Dockerfile b/sandcastle/images/merchant/Dockerfile deleted file mode 100644 index feffada..0000000 --- a/sandcastle/images/merchant/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM taler_local/taler_base - -COPY startup.sh / -COPY create_instances.sh / -COPY update_instances_auth.sh / -RUN chmod +x /startup.sh -ENTRYPOINT /startup.sh diff --git a/sandcastle/images/merchant/create_instances.sh b/sandcastle/images/merchant/create_instances.sh deleted file mode 100644 index c3b9adf..0000000 --- a/sandcastle/images/merchant/create_instances.sh +++ /dev/null 
@@ -1,45 +0,0 @@ -function die() { - echo $1 - exit 1 -} -function create_instance() { - echo -n "Creating merchant backend instance $1 with IBAN $2..." - NAME=$1 - IBAN=$2 - RECV_NAME=$3 - URI='payto://iban/SANDBOXX/'$IBAN'?receiver-name='$RECV_NAME - REQ="$(jq -n ' - { - auth: { method: "token", "token": $TOKEN }, - payto_uris: [$URI], - accounts: [{payto_uri: $URI}], - id: $NAME, - name: "GNU Taler", - address: {}, - jurisdiction: {}, - use_stefan: true, - default_wire_transfer_delay: {d_us: 1}, - default_pay_delay: {d_us: 3600000000}, - }' \ - --arg URI "$URI" \ - --arg TOKEN "$BACKEND_APIKEY" \ - --arg CURRENCY "$CURRENCY" \ - --arg NAME "$NAME" - )" - - curl --silent --show-error \ - -H "Content-Type: application/json" \ - -H "Authorization: Bearer $BACKEND_APIKEY" \ - -X POST \ - -d "$REQ" \ - http://merchant/management/instances || die "instance creation failed" - echo DONE -} - -create_instance default "$DEFAULT_IBAN" TestMerchant -create_instance pos "$POS_IBAN" PoS -create_instance blog "$BLOG_IBAN" BlogCompany -create_instance GNUnet "$GNUNET_IBAN" GNUnet -create_instance Taler "$TALER_IBAN" Taler -create_instance Tor "$TOR_IBAN" Tor -create_instance survey "$SURVEY_IBAN" Survey diff --git a/sandcastle/images/merchant/startup.sh b/sandcastle/images/merchant/startup.sh deleted file mode 100644 index c33121a..0000000 --- a/sandcastle/images/merchant/startup.sh +++ /dev/null 
@@ -1,146 +0,0 @@ -#!/bin/bash - -set -o pipefail -set -eu - -export LD_LIBRARY_PATH=/usr/local/lib -export GNUNET_FORCE_LOG=";;;;WARNING" - -mkdir -p /etc/taler -TALERCONF=/etc/taler/taler.conf -cp /config/merchant/taler.conf $TALERCONF - -# Values from config file mounted at run time: -CURRENCY=`taler-config -c /config/deployment.conf -s taler-deployment -o currency` -BACKEND_APIKEY=`taler-config -c /config/deployment.conf -s taler-deployment -o merchant-apikey` -BACKEND_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o merchant-url` -SYNC_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o sync-url` -EXCHANGE_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o default-exchange` -DB_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o db-password` - -BLOG_IBAN=DE940993 -POS_IBAN=DE445094 -GNUNET_IBAN=DE463312 -DEFAULT_IBAN=DE474361 -TOR_IBAN=DE358263 -TALER_IBAN=DE102893 -SURVEY_IBAN=DE731371 - -while ! pg_isready -h talerdb -d taler; do - echo DB not ready yet. - sleep 2 -done -echo Now DB is ready. - -# FIXME: wallets external to the containers put localhost'ed -# exchanges along a /pay request. That breaks here, since the -# exchange listens from another container. The following -# command routes every request to 5555 (port on the host -# system that points to a contained exchange AND where the -# merchant tries to /deposit), to the container where the exchange listens. -socat TCP-LISTEN:5555,fork,reuseaddr TCP:exchange:80 & - -# FIXME: browsers can only get redirected to merchant backends -# as they appear outside of the container (port 5556). OTOH, -# merchant frontends can only talk to backends as they appear -# _inside_ the container (port 80). Config, ultimately, must -# specify backends as they appear outside, otherwise frontends -# would redirect browsers with in-container addresses, that -# would make the backend not reached. 
The following redirection -# allows to bridge the external merchant port to the internal, -# to make frontends reach the backend. -socat TCP-LISTEN:5556,fork,reuseaddr TCP:localhost:80 & - -# sync HTTPD redirect: -socat TCP-LISTEN:5563,fork,reuseaddr TCP:localhost:8080 & - -# $2 might have Authorization header. -is_serving () { -set +u # tolerate missing $2 -echo Checking $1 -for n in `seq 1 50` - do - echo "." - sleep 0.5 - OK=1 - # auth case. - if test -n "$2"; then - wget --header "$2" $1 -t 1 -o /dev/null -O /dev/null >/dev/null && break - else - wget $1 -t 1 -o /dev/null -O /dev/null >/dev/null && break - fi - OK=0 - done - if [ 1 != $OK ] - then - echo "ERROR: $1 unreachable." - exit 1 - fi - echo Now available: $1 - set -u -} - -is_serving ${EXCHANGE_URL} - -EXCHANGE_MASTER_PUB=$(curl -s ${EXCHANGE_URL}keys | jq -r .master_public_key) -echo Found Exchange Pub: $EXCHANGE_MASTER_PUB -sed -i "s;__EXCHANGE_URL__;${EXCHANGE_URL};" $TALERCONF -sed -i "s/__EXCHANGE_PUB__/${EXCHANGE_MASTER_PUB}/" $TALERCONF -sed -i "s/__CURRENCY__/${CURRENCY}/" $TALERCONF -sed -i "s/__BACKEND_APIKEY__/${BACKEND_APIKEY}/" $TALERCONF -sed -i "s;__BACKEND_URL__;${BACKEND_URL};" $TALERCONF -sed -i "s;__DB_PASSWORD__;${DB_PASSWORD};" $TALERCONF - -echo "Init database... " -taler-merchant-dbinit -L WARNING -c $TALERCONF -echo DONE -echo -n "Launch merchant backend..." -taler-merchant-httpd -L WARNING -a $BACKEND_APIKEY -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-merchant-httpd-%Y-%m-%d.log 86400 & -echo DONE -sleep 1 - -is_serving "${BACKEND_URL}config" - -# If the witness instance exists or has wrong auth, -# then all the others do. -echo -n "Checking instances existence..." -INSTANCES_STATUS=$(curl -s -o /dev/null \ - -w "%{http_code}" \ - -H "Authorization: Bearer $BACKEND_APIKEY" \ - "${BACKEND_URL}instances/Taler/private") -echo "DONE ($INSTANCES_STATUS)" - -case $INSTANCES_STATUS in - "404") - echo "Taler (witness) instance not found, assuming none is." 
- source /create_instances.sh; - ;; - "401") - echo "Taler (witness) instance had wrong auth, assuming API key is new." - source /update_instances_auth.sh; - ;; - *) - echo "Taler (witness) instance found, API key correct, do nothing." - ;; -esac -export TALER_ENV_URL_MERCHANT_BLOG=`taler-config -c /config/deployment.conf -s taler-deployment -o blog-url` -export TALER_ENV_URL_MERCHANT_DONATIONS=`taler-config -c /config/deployment.conf -s taler-deployment -o donations-url` -export TALER_ENV_URL_MERCHANT_SURVEY=`taler-config -c /config/deployment.conf -s taler-deployment -o survey-url` -export TALER_ENV_URL_INTRO=`taler-config -c /config/deployment.conf -s taler-deployment -o landing-url` -export TALER_ENV_URL_BANK=`taler-config -c /config/deployment.conf -s taler-deployment -o bank-url` - -echo -n "Launch blog..." -taler-merchant-demos -c $TALERCONF --http-port 8080 blog 2>&1 | rotatelogs -e /logs/blog-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Launch donations..." -taler-merchant-demos -c $TALERCONF --http-port 8081 donations 2>&1 | rotatelogs -e /logs/donations-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Launch Survey..." -taler-merchant-demos -c $TALERCONF --http-port 8082 survey 2>&1 | rotatelogs -e /logs/survey-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Launch Landing..." -taler-merchant-demos -c $TALERCONF --http-port 8083 landing 2>&1 | rotatelogs -e /logs/landing-%Y-%m-%d.log 86400 & -echo DONE - -wait -n diff --git a/sandcastle/images/merchant/update_instances_auth.sh b/sandcastle/images/merchant/update_instances_auth.sh deleted file mode 100644 index b1ab8a6..0000000 --- a/sandcastle/images/merchant/update_instances_auth.sh +++ /dev/null 
@@ -1,18 +0,0 @@ -echo -n "Change pos auth..." -curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/pos/auth -echo DONE -echo -n "Change blog auth..." -curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/blog/auth -echo DONE -echo -n "Change GNUnet auth..." -curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/GNUnet/auth -echo DONE -echo -n "Change Taler auth..." -curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/Taler/auth -echo DONE -echo -n "Change Tor auth..." -curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/Tor/auth -echo DONE -echo -n "Change survey auth..." -curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/survey/auth -echo DONE diff --git a/sandcastle/images/postgres/Dockerfile b/sandcastle/images/postgres/Dockerfile deleted file mode 100644 index d0fde23..0000000 --- a/sandcastle/images/postgres/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -FROM docker.io/postgres - -# Default "${PGDATA}/log" directory was problematic -# when mounted in a volume. Prefer arbitrary "/logs". -RUN mkdir /logs -RUN chown postgres:postgres /logs - -COPY init.sh /docker-entrypoint-initdb.d/init.sh -RUN chmod +x /docker-entrypoint-initdb.d/init.sh 
diff --git a/sandcastle/images/postgres/init.sh b/sandcastle/images/postgres/init.sh deleted file mode 100644 index d0cdacf..0000000 --- a/sandcastle/images/postgres/init.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -set -eu - -# FIXME: use taler-config. -CUSTOM_PASSWORD=$(grep ^db-password < /config/deployment.conf | awk -F= '{print $2}' | tr -d "[:space:]") -if test -z "${CUSTOM_PASSWORD}"; then - echo ERROR: database password empty. -fi -echo "ALTER ROLE root WITH PASSWORD '"${CUSTOM_PASSWORD}"';" | psql -U root -createdb -U root -O root taler -echo "ALTER SYSTEM SET logging_collector TO 'true';" | psql -U root -echo "ALTER SYSTEM SET log_directory TO '/logs';" | psql -U root -echo "ALTER SYSTEM SET log_filename TO 'postgres-%Y-%m-%d.log';" | psql -U root -pg_ctl restart diff --git a/sandcastle/images/woocommerce/Dockerfile b/sandcastle/images/woocommerce/Dockerfile deleted file mode 100644 index 0d16df7..0000000 --- a/sandcastle/images/woocommerce/Dockerfile +++ /dev/null 
@@ -1,99 +0,0 @@ -FROM debian:bullseye - -# This file is in the public domain. - -LABEL docker-woocommerce.demo.taler.net="0.0.1-beta" -RUN echo "avoid docker cache..." - -EXPOSE 9001 - -WORKDIR /root/ - -COPY tags.conf . -COPY entry-point.sh . - -# Install dependencies - - -RUN apt-get update && apt-get install -y \ - software-properties-common \ - ca-certificates \ - lsb-release \ - apt-transport-https \ - wget \ - curl \ - git \ - unzip \ - gnupg \ - nginx - -RUN sh -c 'echo "deb https://packages.sury.org/php/ bullseye main" > /etc/apt/sources.list.d/php.list' - -RUN wget -qO - https://packages.sury.org/php/apt.gpg | apt-key add - - -RUN apt-get update - -RUN . /root/tags.conf \ - && apt-get install \ - php${PHP_VERSION} \ - php${PHP_VERSION}-common \ - php${PHP_VERSION}-mbstring \ - php${PHP_VERSION}-xmlrpc \ - php${PHP_VERSION}-soap \ - php${PHP_VERSION}-gd \ - php${PHP_VERSION}-xml \ - php${PHP_VERSION}-intl \ - php${PHP_VERSION}-mysql \ - php${PHP_VERSION}-cli \ - php${PHP_VERSION}-ldap \ - php${PHP_VERSION}-zip \ - php${PHP_VERSION}-curl\ - php${PHP_VERSION}-zip \ - php${PHP_VERSION}-fpm -y - -# Download Wordpress, plugins and theme + extract - -RUN . 
/root/tags.conf \ - && mkdir -p /var/www/wordpress/wp-content/plugins \ - && mkdir -p /var/www/wordpress/wp-content/themes \ - && wget https://wordpress.org/wordpress-${WORDPRESS_VERSION}.tar.gz \ - && tar -xzf wordpress-${WORDPRESS_VERSION}.tar.gz -C /var/www/ \ - && wget https://downloads.wordpress.org/plugin/woocommerce.${WOOCOMMERCE_VERSION}.zip \ - && unzip woocommerce.${WOOCOMMERCE_VERSION}.zip -d /var/www/wordpress/wp-content/plugins \ - && wget https://downloads.wordpress.org/theme/ecommerce-star.${WORDPRESS_PARENT_THEME_VERSION}.zip \ - && unzip ecommerce-star.${WORDPRESS_PARENT_THEME_VERSION}.zip -d /var/www/wordpress/wp-content/themes \ - && wget https://downloads.wordpress.org/theme/shop-here.${WORDPRESS_CHILD_THEME_VERSION}.zip \ - && unzip shop-here.${WORDPRESS_CHILD_THEME_VERSION}.zip -d /var/www/wordpress/wp-content/themes \ - && wget https://downloads.wordpress.org/plugin/gnu-taler-payment-for-woocommerce.zip \ - && unzip gnu-taler-payment-for-woocommerce.zip -d /var/www/wordpress/wp-content/plugins - -# Install wp-cli - -RUN wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar \ - && chmod +x wp-cli.phar \ - && mv wp-cli.phar /usr/local/bin/wp - - -RUN chown -R www-data:www-data /var/www/wordpress - -# Remove downloads from root directory - -RUN rm -Rf /root/*.zip - -# Copy nginx configuration from host, to container - -COPY woocommerce.conf /etc/nginx/sites-available - -RUN ln -s /etc/nginx/sites-available/woocommerce.conf /etc/nginx/sites-enabled/woocommerce.conf \ - && rm /etc/nginx/sites-enabled/default - - -# Execute entrypoint - -RUN chmod +x entry-point.sh - -ENTRYPOINT /root/entry-point.sh - -# Additional steps after entrypoint. - -#CMD ["nginx", "-g", "daemon off;"] diff --git a/sandcastle/images/woocommerce/docker-compose.yml b/sandcastle/images/woocommerce/docker-compose.yml deleted file mode 100644 index 63850d6..0000000 --- a/sandcastle/images/woocommerce/docker-compose.yml +++ /dev/null 
@@ -1,46 +0,0 @@ -version: '3' -services: - db: - image: mariadb - environment: - MARIADB_DATABASE: exampledb - MYSQL_USER: wordpress_user - MYSQL_PASSWORD: wordpress_password - MYSQL_RANDOM_ROOT_PASSWORD: "1" - volumes: - - mariadb_data:/var/lib/mysql - wordpress: - build: images/woocommerce - image: woo - container_name: woocommerce_taler - depends_on: - - db - ports: - - "9001:80" - environment: - WORDPRESS_DB_HOST: db:3306 - WORDPRESS_DB_USER: wordpress_user - WORDPRESS_DB_PASSWORD: wordpress_password - WORDPRESS_DB_NAME: exampledb - WORDPRESS_TABLE_PREFIX: "wp_" - WORDPRESS_DEBUG: 1 - volumes: - - wp_data:/var/www/wordpress - - /home/jj/final-woocommerce-docker/nginx-conf:/etc/nginx/conf.d - wordpress-cli: - container_name: wp_cli - #entrypoint: wordpress - depends_on: - - db - - wordpress - volumes: - - wp_data:/var/www/wordpress - image: wordpress:cli - links: - - db:db - working_dir: /var/www/wordpress - user: "33" - command: wp core install --path="/var/www/wordpress" --url="http://woocommerce.valenciatech.com" --title=gnu-taler --admin_user=admin --admin_password=admin --admin_email=your-email-here -volumes: - wp_data: - mariadb_data: diff --git a/sandcastle/images/woocommerce/entry-point.sh b/sandcastle/images/woocommerce/entry-point.sh deleted file mode 100755 index d954d78..0000000 --- a/sandcastle/images/woocommerce/entry-point.sh +++ /dev/null 
@@ -1,50 +0,0 @@ -#!/bin/bash - -source /root/tags.conf - -# Import the whole database (if wp-cli works, this wont be necessary) - -#mysql -u ${MARIADB_USER} -p${MARIADB_PASSWORD} ${MARIADB_DATABASE_NAME} < woocommerce.sql - -# Rename wordpress config file - -mv /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php - -# Replace values database connection - -# Replace values with .env VARIABLES - -sed -ie "s/database_name_here/${WORDPRESS_DATABASE_NAME}/g" /var/www/wordpress/wp-config.php \ - && sed -ie "s/username_here/${WORDPRESS_DATABASE_USER}/g" /var/www/wordpress/wp-config.php \ - && sed -ie "s/password_here/${WORDPRESS_DATABASE_PASSWORD}/g" /var/www/wordpress/wp-config.php \ - && sed -ie "s/localhost/${WORDPRESS_DATABASE_HOST}/g" /var/www/wordpress/wp-config.php - - -# Install WP (either do it here, or through the docker-compose.yml). - -#wp core install --allow-root --url=test.woocommerce.taler.net --title=GNU Taler for WooCommerce --admin_user=admin --admin_password=admin --admin_email=info@example.com - -# Enable theme shop-here - -#wp theme enable shop-here - -# Activate Woocommerce plugin - -#wp plugin activate woocommerce - -# Activate GNU Taler plugin - -#wp plugin activate gnu-taler-payment-for-woocommerce - -# Import products into database - -#wp import /woocommerce-products-backup.xml --authors=create - -service nginx start - -service php${PHP_VERSION}-fpm start - - -while true; do - sleep 100; - done diff --git a/sandcastle/images/woocommerce/tags.conf b/sandcastle/images/woocommerce/tags.conf deleted file mode 100644 index 2ac9d96..0000000 --- a/sandcastle/images/woocommerce/tags.conf +++ /dev/null 
@@ -1,21 +0,0 @@ - -# Software versions - -PHP_VERSION="8.2" -WOOCOMMERCE_VERSION="7.1.1" -WORDPRESS_VERSION="6.1" -WORDPRESS_PARENT_THEME_VERSION="1.3.9" -WORDPRESS_CHILD_THEME_VERSION="1.0.2" - -# MariaDB credentials (just in case) - -MARIADB_USER="wordpress_user" -MARIADB_PASSWORD="wordpress_password" -MARIADB_DATABASE_NAME="exampledb" - -# Database connection details - -WORDPRESS_DATABASE_NAME="exampledb" -WORDPRESS_DATABASE_USER="wordpress_user" -WORDPRESS_DATABASE_PASSWORD="wordpress_password" -WORDPRESS_DATABASE_HOST="db" diff --git a/sandcastle/images/woocommerce/woocommerce.conf b/sandcastle/images/woocommerce/woocommerce.conf deleted file mode 100644 index b560802..0000000 --- a/sandcastle/images/woocommerce/woocommerce.conf +++ /dev/null @@ -1,47 +0,0 @@ -# Upstream to abstract backend connection(s) for php -upstream php { - server unix:/var/run/php/php8.2-fpm.sock; - server 127.0.0.1:9000; -} - -server { - listen 80; - server_name _; - ## Your website name goes here. - # server_name woocommerce.valenciatech.cloud; - ## Your only path reference. - root /var/www/wordpress; - ## This should be in your http block and if it is, it's not needed here. - index index.php; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location / { - # This is cool because no php is touched for static content. - # include the "?$args" part so non-default permalinks doesn't break when using query string - try_files $uri $uri/ /index.php?$args; - } - - location ~ \.php$ { - #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini - include fastcgi_params; - fastcgi_intercept_errors on; - fastcgi_pass php; - #The following parameter can be also included in fastcgi_params file - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { - expires max; - log_not_found off; - } -} 
diff --git a/sandcastle/import-backup.sh b/sandcastle/import-backup.sh deleted file mode 100755 index 2531611..0000000 --- a/sandcastle/import-backup.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash - -set -eu - -usage () { - echo - echo Usage: ./import-backup.sh [-h, --help] backup-tar - echo - echo This utility imports a TAR backup of data and logs - echo into the Taler services running inside this Docker - echo Compose setup. -} - -for arg in "$@"; do - if test "$arg" = "--help" -o "$arg" = "-h"; then - usage - exit 0 - fi -done - -if ! which docker > /dev/null; then - echo docker not found. - exit 1 -fi - -if ! docker images | grep debian | grep stable > /dev/null; then - echo debian:stable not found. Please extract backup with custom image. - exit 2 -fi - -# No --help/-h given, assume the first argument is the TAR. -BACKUP_TAR="${1:-}" - -if test -z $BACKUP_TAR; then - echo Backup file argument not given. - exit 1 -fi - -if ! test -a $BACKUP_TAR; then - echo File $BACKUP_TAR not found. - exit 1 -fi - -docker run \ - -v $BACKUP_TAR:/tmp/backup.tar \ - -v demo_talerdata:/taler-data \ - -v demo_talerlogs:/taler-logs \ - -it debian:stable /bin/bash -c "tar -x -f /tmp/backup.tar" diff --git a/sandcastle/nginx-example.conf b/sandcastle/nginx-example.conf deleted file mode 100644 index b43e49b..0000000 --- a/sandcastle/nginx-example.conf +++ /dev/null 
@@ -1,322 +0,0 @@ - server { - server_name exchange.example.com; - root /dev/null; - - location / { - proxy_pass http://localhost:5555/; - proxy_redirect off; - proxy_set_header Host $host; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - server { - server_name backend.example.com; - - location / { - proxy_set_header X-Forwarded-Host "backend.example.com"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_set_header X-Forwarded-Prefix "/"; - proxy_pass http://localhost:5556/; - proxy_redirect off; - proxy_set_header Host $host; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - server { - server_name webui-bank.example.com; - - location = / { - # Serves the SPA - index index.html; - proxy_pass http://localhost:15002/; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - server { - server_name bank.example.com; - - location = / { - return 301 https://bank.example.com/webui; - - } - - location /webui/ { - index index.html; - proxy_pass http://127.0.0.1:15002/; 
- } - - - - location / { - recursive_error_pages on; - proxy_pass http://127.0.0.1:15000; - # Used, for example, to build the taler://-URIs - proxy_set_header X-Forwarded-Host "bank.example.com"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_set_header X-Forwarded-Prefix "/"; - } - - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - server { - server_name shop.example.com; - - location / { - proxy_set_header X-Forwarded-Host "shop.example.com"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_set_header X-Forwarded-Prefix /; - proxy_pass http://localhost:5559/; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/shop.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/shop.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - - -} - - server { - server_name donations.example.com; - - location / { - proxy_set_header X-Forwarded-Host "donations.example.com"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_set_header X-Forwarded-Prefix /; - proxy_pass http://localhost:5560/; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - server { - server_name survey.example.com; - - 
location / { - proxy_set_header X-Forwarded-Host "survey.example.com"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_set_header X-Forwarded-Prefix /; - proxy_pass http://localhost:5561/; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - # Landing page that explains the demo. - server { - server_name example.com; - - location / { - proxy_pass http://localhost:5562/; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - - -} - - server { - server_name sync.example.com; - - location / { - proxy_set_header X-Forwarded-Host "sync.example.com"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_set_header X-Forwarded-Prefix /; - proxy_pass http://localhost:5563/; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - - server { - if ($host = backend.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name backend.example.com; - listen 80; - return 404; # managed by Certbot - - -} - - server { - if ($host = bank.example.com) { - 
return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name bank.example.com; - listen 80; - return 404; # managed by Certbot - - -} - - server { - if ($host = blog.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name blog.example.com; - listen 80; - return 404; # managed by Certbot - - -} - - server { - if ($host = donations.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name donations.example.com; - listen 80; - return 404; # managed by Certbot - - -} server { - if ($host = exchange.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name exchange.example.com; - listen 80; - return 404; # managed by Certbot - - -} - server { - if ($host = intro.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name intro.example.com; - return 404; # managed by Certbot - - - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - -} - - server { - if ($host = survey.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name survey.example.com; - listen 80; - return 404; # managed by Certbot - - -} - - server { - if ($host = sync.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name sync.example.com; - listen 80; - return 404; # managed by Certbot - - -} - - server { - if ($host = webui-bank.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name webui-bank.example.com; - listen 80; - return 404; # managed by Certbot - - -} - - server { - if ($host = 
intro.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - - - server_name intro.example.com; - listen 80; - return 404; # managed by Certbot - - -} diff --git a/sandcastle/scripts/core b/sandcastle/scripts/core Binary files differnew file mode 100644 index 0000000..0a586d3 --- /dev/null +++ b/sandcastle/scripts/core diff --git a/sandcastle/scripts/setup-sandcastle.sh b/sandcastle/scripts/setup-sandcastle.sh index 8067ac5..cb0ae68 100755 --- a/sandcastle/scripts/setup-sandcastle.sh +++ b/sandcastle/scripts/setup-sandcastle.sh @@ -1,7 +1,19 @@ #!/usr/bin/env bash +# This scripts provisions all configuration and +# services for the Taler sandcastle container. + +set -eu +set -x + echo "hello" +CURRENCY=KUDOS +EXCHANGE_IBAN=DE159593 +EXCHANGE_PLAIN_PAYTO=payto://iban/$EXCHANGE_IBAN +EXCHANGE_FULL_PAYTO="payto://iban/$EXCHANGE_IBAN?receiver-name=Sandcastle+Echange+Inc" +EXCHANGE_BANK_PASSWORD=sandbox + # Just make sure the services are stopped systemctl stop taler-exchange.target systemctl stop taler-merchant-httpd.service @@ -13,6 +25,7 @@ systemctl stop postgresql.service # and then symlinked. # These locations are: # /etc/taler +# /etc/libeufin-bank # /var/lib/taler # postgres DB directory 
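Review bot: `set -x` is switched on for the whole script a few lines before `EXCHANGE_BANK_PASSWORD=sandbox` is assigned in this first hunk, so the trace output records the password at the assignment and again wherever it appears on a command line, such as the `--password sandbox` argument later in the file. That is harmless only while the value stays the fixed demo string; making it overridable with `EXCHANGE_BANK_PASSWORD=${EXCHANGE_BANK_PASSWORD:-sandbox}` and bracketing the credential steps with `set +x` / `set -x` keeps a real value out of provisioning logs. `receiver-name=Sandcastle+Echange+Inc` looks like a typo for "Exchange". Separately, the commit adds a binary `sandcastle/scripts/core`; if that is a process core dump it can contain memory contents and probably should not be tracked.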
@@ -35,12 +48,78 @@ function lift_dir() { lift_dir /var/lib/taler var-lib-taler lift_dir /etc/taler etc-taler +lift_dir /etc/libeufin-bank etc-libeufin-bank lift_dir /var/lib/postgresql var-lib-postgresql -MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup) +# Caddy configuration. +# We use the caddy reverse proxy with automatic +# internal TLS setup to ensure that the services are +# reachable inside the container without any external +# DNS setup under the same domain name and with TLS +# from inside the container. + +systemctl stop caddy.service + +LANDING_DOMAIN=demo.taler.net +BANK_DOMAIN=bank.demo.taler.net +EXCHANGE_DOMAIN=exchange.demo.taler.net +MERCHANT_DOMAIN=backend.demo.taler.net +BLOG_DOMAIN=shop.demo.taler.net +DONATIONS_DOMAIN=donations.demo.taler.net +SURVEY_DOMAIN=survey.demo.taler.net + +cat <<EOF > /etc/caddy/Caddyfile +https://$BANK_DOMAIN { + tls internal + reverse_proxy :8080 +} + +https://$EXCHANGE_DOMAIN { + tls internal + reverse_proxy unix//run/taler/exchange-httpd/exchange-http.sock +} +EOF + +cat <<EOF >> /etc/hosts +# Start of Taler Sandcastle Domains +127.0.0.1 $LANDING_DOMAIN +127.0.0.1 $BANK_DOMAIN +127.0.0.1 $EXCHANGE_DOMAIN +127.0.0.1 $MERCHANT_DOMAIN +127.0.0.1 $BLOG_DOMAIN +127.0.0.1 $DONATIONS_DOMAIN +127.0.0.1 $SURVEY_DOMAIN +# End of Taler Sandcastle Domains +EOF + +systemctl start caddy.service + +# Install local, internal CA certs for caddy +caddy trust systemctl start postgresql.service +# Set up bank + +BANK_DB=libeufinbank +# Use "|| true" to continue if these already exist. 
+sudo -i -u postgres createuser -d libeufin-bank || true +sudo -i -u postgres createdb -O libeufin-bank $BANK_DB || true + +sudo -i -u libeufin-bank libeufin-bank dbinit + +systemctl start libeufin-bank.service + +# TODO: Wait until service is up and running +# TODO: Create accounts for exchange and merchants + +taler-harness deployment wait-taler-service libeufin-bank https://$BANK_DOMAIN/config +taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ --login exchange --exchange --public --payto $EXCHANGE_PLAIN_PAYTO --name Exchange --password sandbox + +# Set up exchange + +MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup) + EXCHANGE_DB=talerexchange # Use "|| true" to continue if these already exist. sudo -i -u postgres createuser -d taler-exchange-httpd || true 
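Review bot: The `provision-bank-account` call passes the literal `--password sandbox` instead of the `EXCHANGE_BANK_PASSWORD` variable that the script defines at the top and later writes into `exchange-accountcredentials-default.secret.conf`, so changing the variable would leave the bank account and the exchange's wire-gateway credentials out of sync. Use `--password "$EXCHANGE_BANK_PASSWORD"` (and quote `"$EXCHANGE_PLAIN_PAYTO"`); the value is still visible in the process list while the command runs. The `cat <<EOF >> /etc/hosts` block is appended unconditionally, so a second run duplicates it even though the `createuser`/`createdb` steps are written to tolerate re-runs; prefixing it with `grep -q 'Start of Taler Sandcastle Domains' /etc/hosts ||` would make it idempotent. The Caddyfile written here defines sites only for `$BANK_DOMAIN` and `$EXCHANGE_DOMAIN`, while the other five names are pointed at 127.0.0.1 without a matching site.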
@@ -48,3 +127,101 @@ sudo -i -u postgres createuser taler-exchange-wire || true sudo -i -u postgres createuser taler-exchange-closer || true sudo -i -u postgres createuser taler-exchange-aggregator || true sudo -i -u postgres createdb -O taler-exchange-httpd $EXCHANGE_DB || true + +# Generate /etc/taler/conf.d/setup.conf +cat <<EOF > /etc/taler/conf.d/setup.conf +[taler] +CURRENCY = $CURRENCY +CURRENCY_ROUND_UNIT = $CURRENCY:0.01 + +[exchange] +AML_THRESHOLD = $CURRENCY:1000000 +MASTER_PUBLIC_KEY = $MASTER_PUBLIC_KEY +BASE_URL = https://$EXCHANGE_DOMAIN/ + +[exchange-account-default] +PAYTO_URI = $EXCHANGE_FULL_PAYTO +ENABLE_DEBIT = YES +ENABLE_CREDIT = YES +@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf +EOF + +cat <<EOF >/etc/taler/secrets/exchange-db.secret.conf +[exchangedb-postgres] +CONFIG=postgres:///${EXCHANGE_DB} +EOF +chmod 440 /etc/taler/secrets/exchange-db.secret.conf +chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf + +cat <<EOF > /etc/taler/secrets/exchange-accountcredentials-default.secret.conf +[exchange-accountcredentials-default] +WIRE_GATEWAY_URL = https://$BANK_DOMAIN/accounts/exchange/taler-wire-gateway/ +WIRE_GATEWAY_AUTH_METHOD = basic +USERNAME = exchange +PASSWORD = ${EXCHANGE_BANK_PASSWORD} +EOF +chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf +chown taler-exchange-wire:taler-exchange-db /etc/taler/secrets/exchange-accountcredentials-default.secret.conf + +taler-harness deployment gen-coin-config \ + --min-amount "${CURRENCY}:0.01" \ + --max-amount "${CURRENCY}:100" \ + >/etc/taler/conf.d/"${CURRENCY}"-coins.conf + +echo "Initializing exchange database" +sudo -u taler-exchange-httpd taler-exchange-dbinit -c /etc/taler/taler.conf + +echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO 
"taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} + +echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} + +echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} + + +systemctl enable --now taler-exchange.target + +taler-harness deployment wait-taler-service taler-exchange https://$EXCHANGE_DOMAIN/config +taler-harness deployment wait-endpoint https://$EXCHANGE_DOMAIN/management/keys + +sudo -i -u taler-exchange-offline \ + taler-exchange-offline \ + -c /etc/taler/taler.conf \ + download \ + sign \ + upload + +sudo -i -u taler-exchange-offline \ + taler-exchange-offline \ + enable-account "${EXCHANGE_FULL_PAYTO}" \ + wire-fee now iban "${CURRENCY}":0 "${CURRENCY}":0 \ + global-fee now "${CURRENCY}":0 "${CURRENCY}":0 "${CURRENCY}":0 1h 6a 0 \ + upload + +# Set up merchant backend + +systemctl enable --now taler-merchant-httpd +taler-harness 
deployment wait-taler-service merchant https://$MERCHANT_DOMAIN/config + +MERCHANT_DB=talermerchant +# Use "|| true" to continue if these already exist. +sudo -i -u postgres createuser -d taler-merchant-httpd || true +sudo -i -u postgres createdb -O taler-merchant-httpd $MERCHANT_DB || true + +cat <<EOF >/etc/taler/secrets/merchant-db.secret.conf +[merchantdb-postgres] +CONFIG=postgres:///${MERCHANT_DB} +EOF +chmod 440 /etc/taler/secrets/exchange-db.secret.conf +chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf + +# merchant passwd +# taler-harness deployment provision-merchant-instance https://$MERCHANT_DOMAIN/ diff --git a/sandcastle/systemd/fund-rewards.service b/sandcastle/systemd/fund-rewards.service deleted file mode 100644 index faa4c37..0000000 --- a/sandcastle/systemd/fund-rewards.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=fund rewards - -[Service] -Type=oneshot -WorkingDirectory=%h/deployment/sandcastle -ExecStart=/usr/bin/docker compose exec exchange bash -c "/fund-rewards.sh" - -[Install] -WantedBy=default.target diff --git a/sandcastle/systemd/fund-rewards.timer b/sandcastle/systemd/fund-rewards.timer deleted file mode 100644 index c69eeab..0000000 --- a/sandcastle/systemd/fund-rewards.timer +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Run fund rewards script -Requires=fund-rewards.service - -[Timer] -Unit=fund-rewards.service -OnCalendar=weekly -Persistent=true - -[Install] -WantedBy=timers.target diff --git a/sandcastle/test-docker-localhost.sh b/sandcastle/test-docker-localhost.sh deleted file mode 100755 index 234d840..0000000 --- a/sandcastle/test-docker-localhost.sh +++ /dev/null 
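Review bot: After the heredoc that writes `/etc/taler/secrets/merchant-db.secret.conf`, the `chmod 440` and `chown root:taler-exchange-db` lines still name `exchange-db.secret.conf`, so the new merchant secret keeps whatever mode and owner the redirect gave it (under a default umask, probably world-readable) and the merchant service's access to it is never set up. Both lines should target the merchant file, e.g. `chmod 440 /etc/taler/secrets/merchant-db.secret.conf` and `chown root:<merchant-db-group> /etc/taler/secrets/merchant-db.secret.conf`, where the group is whichever one the merchant package uses (not visible in this diff). More generally, the secret files in this hunk are created by `cat >` and restricted only afterwards; writing each one under a restrictive umask, for example inside a `(umask 077; cat > ...)` subshell, closes that window. `systemctl enable --now taler-merchant-httpd` and the wait on `https://$MERCHANT_DOMAIN/config` also run before the merchant database is created, and the Caddyfile from the previous hunk has no site for that domain, so the wait looks unlikely to succeed as written.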
@@ -1,10 +0,0 @@ -#!/bin/bash - -taler-wallet-cli --no-throttle api --expect-success 'runIntegrationTest' \ - '{"amountToSpend":"EUR:10", - "amountToWithdraw":"EUR:30", - "bankBaseUrl":"http://localhost:15000/demobanks/default/access-api/", - "exchangeBaseUrl":"http://localhost:5555/", - "merchantBaseUrl":"http://localhost:5556/", - "merchantAuthToken": "'${TALER_DOCKER_APIKEY:-secret-token:salt}'" - }' diff --git a/sandcastle/utils/enable-services.sh b/sandcastle/utils/enable-services.sh deleted file mode 100755 index 0feacbd..0000000 --- a/sandcastle/utils/enable-services.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - - -# Copy the fund-rewards.service and fund-rewards.timer files, to the host systemd folder - -cp systemd/fund-rewards.* ~/.config/systemd/user - -systemctl --user daemon-reload - -systemctl --user enable --now fund-rewards.timer diff --git a/sandcastle/utils/fund-rewards.sh b/sandcastle/utils/fund-rewards.sh deleted file mode 100755 index 6f76a39..0000000 --- a/sandcastle/utils/fund-rewards.sh +++ /dev/null 
@@ -1,74 +0,0 @@
-#!/bin/bash
-
-# This file is in the public domain.
-
-set -eu
-
-# Maybe add these to base Dockerfile as ENV?
-
-export LD_LIBRARY_PATH=/usr/local/lib
-export GNUNET_FORCE_LOG=";;;;WARNING"
-
-# Configuration variables - Please change to your needs
-
-DOMAIN="demo.taler.net"
-
-# Program variables - No need to be changed by the user.
-
-MERCHANT_URL="https://backend.${DOMAIN}/"
-MERCHANT_APIKEY=$(taler-config -c /config/deployment.conf -s taler-deployment -o merchant-apikey)
-BANK_ACCESS_URL="https://bank.${DOMAIN}/demobanks/default/access-api/"
-WIRE_METHOD="iban"
-AMOUNT="100" # Amount to add, on each new reserve (tiptopup option)
-BANK_ACCOUNT="survey-at-sandbox"
-BANK_PASSWORD="secret-at-sandbox"
-#BANK_PASSWORD=$(taler-config -c /config/deployment.conf -s taler-deployment -o db-password)
-EXCHANGE_URL=$(taler-config -c /config/deployment.conf -s taler-deployment -o default-exchange)
-EXCHANGE_URL="https://exchange.${DOMAIN}/"
-# shellcheck disable=SC2034
-CURRENCY=$(taler-config -c /config/deployment.conf -s taler-deployment -o currency)
-
-# Obtain current reserves in json format
-# Just one single call to the taler-harness program to avoid inconsistencies
-
-JSON=$(taler-harness deployment tip-status \
- --merchant-url "$MERCHANT_URL" \
- --merchant-apikey "$MERCHANT_APIKEY")
-
-# Calculate remaining funds
-
-ACTIVE_FUNDS=$(echo "$JSON" | jq '[.reserves[] | select(.active)]')
-
-# If there is ANY active reserve, then do the substraction
-if [[ $ACTIVE_FUNDS != "[]" ]]; then
-TOTAL_EXCHANGE_INITIAL_AMOUNT=$(echo "$ACTIVE_FUNDS" | jq --arg cur "$CURRENCY" '[.[].exchange_initial_amount | sub($cur + ":"; "") | tonumber] | add')
-TOTAL_PICKUP_AMOUNT=$(echo "$ACTIVE_FUNDS" | jq --arg cur "$CURRENCY" '[.[].pickup_amount | sub($cur + ":"; "") | tonumber] | add')
-TOTAL_RESERVE_AMOUNT=$((TOTAL_EXCHANGE_INITIAL_AMOUNT - TOTAL_PICKUP_AMOUNT))
-else
-# Otherwise set variable to zero
-TOTAL_RESERVE_AMOUNT=0
-fi
-
-# Decide whether add a new reserve, or
leave it as is.
-
-if [ "$TOTAL_RESERVE_AMOUNT" -lt 100 ]; then
- # Add new reserve amount of 100 units
- taler-harness deployment tip-topup \
- --merchant-url "$MERCHANT_URL" \
- --merchant-apikey="$MERCHANT_APIKEY" \
- --bank-access-url "$BANK_ACCESS_URL" \
- --wire-method="$WIRE_METHOD" \
- --amount=KUDOS:"$AMOUNT" \
- --bank-account="$BANK_ACCOUNT" \
- --bank-password="$BANK_PASSWORD" \
- --exchange-url "$EXCHANGE_URL"
-fi
-
-# If the json variable contains more than 100 records, wipe its content
-
-TOTAL_JSON_RECORDS=$(echo "$JSON" | jq '.[] | length')
-
-if [ "$TOTAL_JSON_RECORDS" -gt 100 ]; then
- taler-harness deployment tip-cleanup --merchant-url "$BACKEND_URL"
-fi
- |